JBoss Portal SVN: r6545 - tags.
by portal-commits@lists.jboss.org
Author: julien(a)jboss.com
Date: 2007-03-05 15:20:08 -0500 (Mon, 05 Mar 2007)
New Revision: 6545
Added:
tags/JBoss_Portal_2_6_0_BETA1/
Log:
tagging beta 1
Copied: tags/JBoss_Portal_2_6_0_BETA1 (from rev 6544, trunk)
JBoss Portal SVN: r6544 - trunk/build.
by portal-commits@lists.jboss.org
Author: julien(a)jboss.com
Date: 2007-03-05 15:18:43 -0500 (Mon, 05 Mar 2007)
New Revision: 6544
Modified:
trunk/build/distrib.xml
Log:
update distrib.xml to not include wsrp and use BETA1
Modified: trunk/build/distrib.xml
===================================================================
--- trunk/build/distrib.xml 2007-03-05 17:24:31 UTC (rev 6543)
+++ trunk/build/distrib.xml 2007-03-05 20:18:43 UTC (rev 6544)
@@ -1,7 +1,7 @@
<project default="main" name="JBoss Portal">
<property name="source.dir" value="../../jboss-portal-2.6"/>
- <property name="release.version" value="2.6-ALPHA2"/>
+ <property name="release.version" value="2.6-BETA1"/>
<!-- -->
<property name="portal.release.normal.name" value="jboss-portal-${release.version}"/>
@@ -200,11 +200,12 @@
<fileset dir="${source.dir}/core-management/output/resources" includes="portal-management.sar/**"/>
<fileset dir="${source.dir}/core-admin/output/resources" includes="portal-admin.war/**"/>
</copy>
+<!--
<mkdir dir="${portal.build.normal.bin}/jboss-portal.sar/portal-wsrp.sar"/>
<copy todir="${portal.build.normal.bin}/jboss-portal.sar/portal-wsrp.sar">
<fileset dir="${source.dir}/wsrp/output/lib/portal-wsrp-exploded.sar"/>
</copy>
-
+-->
</target>
<!--
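Review bot: The WSRP mkdir/copy block in the normal target is disabled by wrapping it in a bare `<!-- ... -->` with no explanation, so the build file no longer says why portal-wsrp.sar is left out of the distribution or when it should come back. Either delete the block and rely on history, or put the reason in the comment itself (the log message says it is for BETA1). The opening `<!--` is also unindented relative to the surrounding elements.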
@@ -226,10 +227,12 @@
<fileset dir="${source.dir}/core-management/output/resources" includes="portal-management.sar/**"/>
<fileset dir="${source.dir}/core-admin/output/resources" includes="portal-admin.war/**"/>
</copy>
+<!--
<mkdir dir="${portal.build.ha.bin}/jboss-portal-ha.sar/portal-wsrp.sar"/>
<copy todir="${portal.build.ha.bin}/jboss-portal-ha.sar/portal-wsrp.sar">
<fileset dir="${source.dir}/wsrp/output/lib/portal-wsrp-exploded.sar"/>
</copy>
+-->
<copy file="${source.dir}-docs/readmeFiles/jboss-portal-ha-bin.README" todir="${portal.build.ha.bin}"/>
</target>
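Review bot: The HA target repeats the same commented-out WSRP block as the normal target, so re-enabling WSRP later means editing two places that can drift apart. Consider moving the portal-wsrp.sar copy into its own target guarded by a property and calling it from both, so inclusion is switched in one place.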
JBoss Portal SVN: r6543 - docs/trunk/referenceGuide/en/modules.
by portal-commits@lists.jboss.org
Author: bdaw
Date: 2007-03-05 12:24:31 -0500 (Mon, 05 Mar 2007)
New Revision: 6543
Modified:
docs/trunk/referenceGuide/en/modules/authentication.xml
docs/trunk/referenceGuide/en/modules/security.xml
Log:
addons for Authentication chapter
Modified: docs/trunk/referenceGuide/en/modules/authentication.xml
===================================================================
--- docs/trunk/referenceGuide/en/modules/authentication.xml 2007-03-05 17:04:16 UTC (rev 6542)
+++ docs/trunk/referenceGuide/en/modules/authentication.xml 2007-03-05 17:24:31 UTC (rev 6543)
@@ -11,6 +11,7 @@
<sect1 id="authentication_in_portal">
<title>Authentication in JBoss Portal</title>
<para>TODO</para>
+ <para>To understand authentication mechanisms in JBoss Portal better please refer to <link linkend="security.security_authentication">Security</link> chapter</para>
<sect2 id="configuration">
<title>Configuration</title>
<para>You can configure JAAS authentication stack in <emphasis>jboss-portal.sar/conf/login-config.xml</emphasis></para>
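Review bot: The added cross-reference para sits directly under the `<para>TODO</para>` placeholder, which is still in the section; drop the placeholder now that the section has content. The new sentence also lacks a closing period and would read better as "please refer to the Security chapter".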
@@ -22,11 +23,83 @@
<para>JBoss Portal comes with few implementations of JAAS <emphasis>LoginModule</emphasis> interface</para>
<sect2>
<title>org.jboss.portal.identity.auth.IdentityLoginModule</title>
- <para>TODO</para>
+ <para>This is standard portal LoginModule implementation, that use portal identity modules to search for users and roles. By default it's the only
+ configured LoginModule in the portal authentication stack. Its behaviour can be altered with following options:
+ <itemizedlist>
+ <listitem>
+ <emphasis role="bold">userModuleJNDIName</emphasis> - JNDI name of portal UserModule.
+ </listitem>
+ <listitem>
+ <emphasis role="bold">roleModuleJNDIName</emphasis> - JNDI name of portal RoleModule.
+ </listitem>
+ <listitem>
+ <emphasis role="bold">membershipModuleJNDIName</emphasis> - JNDI name of portal MembershipModule.
+ </listitem>
+ <listitem>
+ <emphasis role="bold">additionalRole</emphasis> - additional user <emphasis>Principal</emphasis> that will be added to user <emphasis>Subject</emphasis>.
+ This is important as in default portal configuration it is the role that portal servlet is secured with.
+ </listitem>
+ <listitem>
+ <emphasis role="bold">havingRole</emphasis> - only users belonging to role specified with this option will be authenticated.
+ </listitem>
+ <listitem>
+ <emphasis role="bold">unauthenticatedIdentity</emphasis> - the principal to use when a null username and password are seen.
+ </listitem>
+ </itemizedlist>
+ <note>IdentityLoginModule extends org.jboss.security.auth.spi.UsernamePasswordLoginModule so if you are familiar with JBossSX you can apply
+ few other options like "password-stacking". Please refer to JBossSX documentation.</note>
+ </para>
</sect2>
<sect2>
<title>org.jboss.portal.identity.auth.DBIdentityLoginModule</title>
- <para>TODO</para>
+ <para>This <emphasis>LoginModule</emphasis> implementation extends JBossSX <emphasis>org.jboss.security.auth.spi.DatabaseServerLoginModule</emphasis> and can be
+ used to authenicate against Database. The main purpose of this module is to be configured directly against portal database (instead of using portal identity
+ modules like in IdentityLoginModule). So if you are using custom LoginModule implementation you can place this module with "sufficient" flag. This can
+ be extremely useful. For example if you authenticate against LDAP server using JBossSX <emphasis>LdapLoginModule</emphasis> you can
+ fallback to users present in portal database and not present in LDAP like "admin" user. Please look into
+ <ulink url="http://wiki.jboss.org/wiki/Wiki.jsp?page=DatabaseServerLoginModule">this</ulink> wiki page to learn more about
+ <emphasis>DatabaseServerLoginModule</emphasis> configuration</para>
+ <para>
+ Options are:
+ <itemizedlist>
+ <listitem>
+ <emphasis role="bold">dsJndiName</emphasis> - The name of the DataSource of the database containing the Principals and Roles tables
+ </listitem>
+ <listitem>
+ <emphasis role="bold">principalsQuery</emphasis> - The prepared statement query, equivalent to: <emphasis>"select Password from Principals where PrincipalID=?"</emphasis>
+ </listitem>
+ <listitem>
+ <emphasis role="bold">rolesQuery</emphasis> - The prepared statement query, equivalent to: <emphasis>"select Role, RoleGroup from Roles where PrincipalID=?"</emphasis>
+ </listitem>
+ <listitem>
+ <emphasis role="bold">hashAlgorithm</emphasis> - The name of the <emphasis>java.security.MessageDigest</emphasis> algorithm to use to hash the password.
+ There is no default so this option must be specified to enable hashing. When hashAlgorithm is specified, the clear text password obtained from the <emphasis>CallbackHandler</emphasis>
+ is hashed before it is passed to UsernamePasswordLoginModule.validatePassword as the inputPassword argument. The expectedPassword as stored in the users.properties
+ file must be comparably hashed.
+ </listitem>
+ <listitem>
+ <emphasis role="bold">hashEncoding</emphasis> - The string format for the hashed pass and must be either "base64" or "hex". Base64 is the default.
+ </listitem>
+ <listitem>
+ <emphasis role="bold">additionalRole</emphasis> - additional user <emphasis>Principal</emphasis> that will be added to user <emphasis>Subject</emphasis>.
+ </listitem>
+ </itemizedlist>
+ </para>
+ <para>
+ Configuration using portal database will look like this:
+ <programlisting>
+ <![CDATA[
+ <login-module code = "org.jboss.portal.identity.auth.DBIdentityLoginModule" flag="sufficient">
+ <module-option name="dsJndiName">java:/PortalDS</module-option>
+ <module-option name="principalsQuery">SELECT jbp_password FROM jbp_users WHERE jbp_uname=?</module-option>
+ <module-option name="rolesQuery">SELECT jbp_roles.jbp_name, 'Roles' FROM jbp_role_membership INNER JOIN jbp_roles ON jbp_role_membership.jbp_rid = jbp_roles.jbp_rid INNER JOIN jbp_users ON jbp_role_membership.jbp_uid = jbp_users.jbp_uid WHERE jbp_users.jbp_uname=?</module-option>
+ <module-option name="hashAlgorithm">MD5</module-option>
+ <module-option name="hashEncoding">HEX</module-option>
+ <module-option name="additionalRole">Authenticated</module-option>
+ </login-module>
+ ]]>
+ </programlisting>
+ </para>
</sect2>
<sect2>
<title>org.jboss.portal.identity.auth.SynchronizingLdapLoginModule</title>
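Review bot: In the DBIdentityLoginModule hashAlgorithm item, the sentence "The expectedPassword as stored in the users.properties file must be comparably hashed" does not fit this module: here the expected password comes from the principalsQuery column (jbp_password in the sample), so the text should say that instead. The sample sets hashAlgorithm to MD5, an unsalted fast digest; the doc should say this value has to match how the portal stores jbp_password, so it does not read as a recommendation. hashEncoding is documented as "base64" or "hex" while the sample uses "HEX"; state whether the value is case-insensitive. Smaller points: "authenicate" should be "authenticate", and the listitem elements in both lists hold bare inline content where DocBook expects a para child.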
Modified: docs/trunk/referenceGuide/en/modules/security.xml
===================================================================
--- docs/trunk/referenceGuide/en/modules/security.xml 2007-03-05 17:04:16 UTC (rev 6542)
+++ docs/trunk/referenceGuide/en/modules/security.xml 2007-03-05 17:24:31 UTC (rev 6543)
@@ -112,7 +112,7 @@
</para>
</sect1>
- <sect1 id="security_authentication">
+ <sect1 id="security.security_authentication">
<title>Authentication with JBoss Portal</title>
<para>JBoss Portal relies on Java EE for the authentication of users. The Java EE authentication has its advantages
and drawbacks. The main motivation for using Java EE security is the integration with the application server and the
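Review bot: Renaming the sect1 id from security_authentication to security.security_authentication breaks any existing linkend that still points at the old id; only the new link in authentication.xml is updated in this revision. Please check the rest of the reference guide for references to security_authentication before committing the rename, and note that the other ids visible here (authentication_in_portal, configuration) do not use the dotted prefix.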
JBoss Portal SVN: r6542 - trunk/core/src/resources/portal-server-war.
by portal-commits@lists.jboss.org
Author: thomas.heute(a)jboss.com
Date: 2007-03-05 12:04:16 -0500 (Mon, 05 Mar 2007)
New Revision: 6542
Modified:
trunk/core/src/resources/portal-server-war/error.jsp
Log:
Slightly better login error page (Copy/paste from login + error message)
This still needs to be i18n
Modified: trunk/core/src/resources/portal-server-war/error.jsp
===================================================================
--- trunk/core/src/resources/portal-server-war/error.jsp 2007-03-05 16:29:15 UTC (rev 6541)
+++ trunk/core/src/resources/portal-server-war/error.jsp 2007-03-05 17:04:16 UTC (rev 6542)
@@ -23,38 +23,84 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
<html>
<head>
+ <style>
+ body {
+ background-color: #FFFFFF;
+ }
+ td {
+ color: #000000;
+ font-family: verdana, arial, sans-serif;
+ font-size: 12px;
+ line-height: 130%;
+ }
+ </style>
</head>
-<body id="body">
-<div id="portal-container">
- <div id="sizer">
- <div id="expander">
- <div id="logoName"></div>
- <table border="0" cellpadding="0" cellspacing="0" id="header-container">
- <tr>
- <td align="center" valign="top" id="header">
- <div id="spacer"></div>
- </td>
- </tr>
- </table>
- <div id="content-container">
+<body OnLoad="document.loginform.j_username.focus();">
- <div id="login-container">
- <b>Login Failed!</b>
- <br/>
- Sorry, your username and/or password could not be verified.
- </div>
- <hr class="cleaner"/>
+<table width="100%" height="600" cellpadding="0" cellspacing="1" >
+ <tr>
+ <td valign="middle" align="center">
+ <form method="POST" action="<%= response.encodeURL("j_security_check") %>" name="loginform" id="loginForm">
- <div id="footer-container" class="portal-copyright">Powered by <a class="portal-copyright"
- href="http://www.jboss.com/products/jbossportal">JBoss
- Portal</a><br/>
- </div>
- </div>
- </div>
- </div>
-</div>
+ <% String prefix = request.getContextPath(); %>
+
+ <table cellspacing="0" cellpadding="0">
+ <tr>
+ <td ><img src="<%= prefix %>/images/login_top_left.png" /></td>
+ <td style="background-image:url('<%= prefix %>/images/login_top.png')"></td>
+ <td><img src="<%= prefix %>/images/login_top_right.png" /></td>
+ </tr>
+ <tr>
+ <td style="background-image:url('<%= prefix %>/images/login_left.png')"></td>
+ <!-- REAL CONTENT CELL : begin -->
+ <td style="background-color:#b4b4b4" align="center">
+ <b>JBoss Portal Login</b><br/><br/>
+ <p style="color:red">Login failed !</p>
+ <table>
+ <tr>
+ <td align="right" width="50">
+ Username:
+ </td>
+ <td align="left">
+ <input type="text" name="j_username" value=""/>
+ </td>
+ </tr>
+ <tr>
+ <td align="right" width="50">
+ Password:
+ </td>
+ <td align="left">
+ <input type="password" name="j_password" value=""/>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" align="right">
+ <input type="submit" name="login" value="Login"/>
+ </td>
+ </tr>
+ </table>
+
+ </td>
+ <!-- REAL CONTENT CELL : end -->
+ <td style="background-image:url('<%= prefix %>/images/login_right.png')"></td>
+ </tr>
+ <tr>
+ <td><img src="<%= prefix %>/images/login_bottom_left.png" /></td>
+ <td style="background-image:url('<%= prefix %>/images/login_bottom.png')"></td>
+ <td><img src="<%= prefix %>/images/login_bottom_right.png" /></td>
+ </tr>
+ </table>
+
+
+ </form>
+
+ </td>
+ </tr>
+</table>
+
</body>
</html>
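Review bot: The form action on the added `<form method="POST" action="<%= response.encodeURL("j_security_check") %>"` line goes through response.encodeURL, which appends the session id to the URL when the container falls back to URL rewriting, so a pre-login session id can end up in the address bar, access logs and Referer headers. Confirm this is intended and that the session id is changed after a successful login, or post to a plain "j_security_check". Smaller points: `OnLoad` should be lowercase `onload` under the XHTML 1.0 Transitional doctype declared above, `<style>` has no type attribute, the img elements have no alt text, and "Login failed !" is hard-coded, which the log message already flags as needing i18n.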
JBoss Portal SVN: r6541 - docs/trunk/referenceGuide/en/modules.
by portal-commits@lists.jboss.org
Author: bdaw
Date: 2007-03-05 11:29:15 -0500 (Mon, 05 Mar 2007)
New Revision: 6541
Modified:
docs/trunk/referenceGuide/en/modules/authentication.xml
Log:
addons for Authentication chapter
Modified: docs/trunk/referenceGuide/en/modules/authentication.xml
===================================================================
--- docs/trunk/referenceGuide/en/modules/authentication.xml 2007-03-05 14:56:52 UTC (rev 6540)
+++ docs/trunk/referenceGuide/en/modules/authentication.xml 2007-03-05 16:29:15 UTC (rev 6541)
@@ -21,15 +21,15 @@
<title>JAAS Login Modules</title>
<para>JBoss Portal comes with few implementations of JAAS <emphasis>LoginModule</emphasis> interface</para>
<sect2>
- <title>IdentityLoginModule</title>
+ <title>org.jboss.portal.identity.auth.IdentityLoginModule</title>
<para>TODO</para>
</sect2>
<sect2>
- <title>DBIdentityLoginModule</title>
+ <title>org.jboss.portal.identity.auth.DBIdentityLoginModule</title>
<para>TODO</para>
</sect2>
<sect2>
- <title>SynchronizingLdapLoginModule</title>
+ <title>org.jboss.portal.identity.auth.SynchronizingLdapLoginModule</title>
<para>
Use can use this module instead of IdentityLoginModule to bind to LDAP.
<emphasis>org.jboss.portal.identity.auth.SynchronizingLDAPLoginModule</emphasis> class is a wrapper around
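Review bot: The new title spells the class org.jboss.portal.identity.auth.SynchronizingLdapLoginModule, while the paragraph two lines below it spells it org.jboss.portal.identity.auth.SynchronizingLDAPLoginModule. Class names are case-sensitive and readers will paste this into login-config.xml, so one of the two is wrong; make the title and the body agree with the actual class. The context line "Use can use this module" should read "You can use this module".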
@@ -77,7 +77,7 @@
For obvious reasons this is designed to use with portal identity modules configured with DB and not LDAP</para>
</sect2>
<sect2>
- <title>SynchronizingLdapExtLoginModule</title>
+ <title>org.jboss.portal.identity.auth.SynchronizingLdapExtLoginModule</title>
<para>All options that apply for <emphasis>SynchronizingLdapLoginModule</emphasis> also apply here. It's the same kind of wrapper
made around <ulink url="http://wiki.jboss.org/wiki/Wiki.jsp?page=LdapExtLoginModule">LdapExtLoginModule</ulink> from JBossSX.
Sample configuration can look like this:</para>
@@ -110,5 +110,52 @@
</mbean>]]>
</programlisting>
</sect2>
+ <sect2>
+ <title>org.jboss.portal.identity.auth.SynchronizingLoginModule</title>
+ <para>
+ This module is designed to provide synchronization support for any other LoginModule placed in the authentication stack.
+ It leverages the fact that in JAAS authentication process occurs in two phases. In first phase when login() method is invoked
+ it always returns "true". Because of this behaviour <emphasis>SynchronizingLoginModule</emphasis> should be always used with
+ "optional" flag..
+ Morover it should be placed after module we want to leverage as a source for synchronization and this module should have "required" flag set.
+ During the second phase when commit() method is invoked it gets user <emphasis>Subject</emphasis> and its <emphasis>Principal</emphasis>s
+ and tries to synchronize them into storage configured for portal identity modules. For this purposes such options are supported:
+ <itemizedlist>
+ <listitem>
+ <emphasis role="bold">userModuleJNDIName</emphasis> - JNDI name of portal UserModule. This option is <emphasis>obligatory</emphasis>
+ if <emphasis>synchronizeIdentity</emphasis> option is set to <emphasis>true</emphasis>
+ </listitem>
+ <listitem>
+ <emphasis role="bold">roleModuleJNDIName</emphasis> - JNDI name of portal RoleModule. This option is <emphasis>obligatory</emphasis>
+ if <emphasis>synchronizeIdentity</emphasis> and <emphasis>synchronizeRoles</emphasis> options are set to <emphasis>true</emphasis>
+ </listitem>
+ <listitem>
+ <emphasis role="bold">membershipModuleJNDIName</emphasis> - JNDI name of portal MembershipModule. This option is <emphasis>obligatory</emphasis>
+ if <emphasis>synchronizeIdentity</emphasis> and <emphasis>synchronizeRoles</emphasis> options are set to <emphasis>true</emphasis>
+ </listitem>
+ <listitem>
+ <emphasis role="bold">userProfileModuleJNDIName</emphasis> - JNDI name of portal UserProfileModule. This option is <emphasis>obligatory</emphasis>
+ if <emphasis>synchronizeIdentity</emphasis> option is set to <emphasis>true</emphasis>
+ </listitem>
+ <listitem>
+ <emphasis role="bold">synchronizeIdentity</emphasis> - if set to <emphasis>true</emphasis> module will check if
+ successfully authenticated user exist in portal and if not it will try to create it. If user exists module will update its password
+ to the one that was just validated.
+ </listitem>
+ <listitem>
+ <emphasis role="bold">synchronizeRoles</emphasis> - if set to <emphasis>true</emphasis> module will iterate over all roles assigned to
+ authenticated user and for each it will try to check if such role exists in portal and if not it will try to create it. This option is
+ checked only if <emphasis>synchronizeIdentity</emphasis> is set to true;
+ </listitem>
+ <listitem>
+ <emphasis role="bold">additionalRole</emphasis> - module will add this role name to the group of principals assigned to the authenticated user.
+ </listitem>
+ <listitem>
+ <emphasis role="bold">defaultAssignedRole</emphasis> - if <emphasis>synchronizeIdentity</emphasis> is set to true, module will try to assign
+ portal role with such name to the authenticated user. If such role doesn't exist in portal, module will try to create it.
+ </listitem>
+ </itemizedlist>
+ </para>
+ </sect2>
</sect1>
</chapter>
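Review bot: The SynchronizingLoginModule paragraph says login() "always returns "true"" and only advises using the "optional" flag after a "required" module; it should state the consequence explicitly, namely that this module performs no credential check, so a stack that lacks a preceding "required" module which really validates the user, or that flags this module "sufficient", would accept any login. A sample login-config.xml stack, as the other sections have, would make the intended ordering unambiguous. The synchronizeIdentity item says the stored password is updated "to the one that was just validated"; please document in what form that password is written to the portal store. Typos: "flag.." has a doubled period, "Morover" should be "Moreover", and the synchronizeRoles item ends with a semicolon.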
JBoss Portal SVN: r6540 - docs/trunk/referenceGuide/en/modules.
by portal-commits@lists.jboss.org
Author: bdaw
Date: 2007-03-05 09:56:52 -0500 (Mon, 05 Mar 2007)
New Revision: 6540
Modified:
docs/trunk/referenceGuide/en/modules/ldap.xml
Log:
supported servers matrix startup
Modified: docs/trunk/referenceGuide/en/modules/ldap.xml
===================================================================
--- docs/trunk/referenceGuide/en/modules/ldap.xml 2007-03-05 13:40:33 UTC (rev 6539)
+++ docs/trunk/referenceGuide/en/modules/ldap.xml 2007-03-05 14:56:52 UTC (rev 6540)
@@ -540,6 +540,99 @@
</sect1>
<sect1>
<title>Supported LDAP servers</title>
- <para>TODO:</para>
+ <para></para>
+ <table frame="all">
+ <title>Support of identity modules with different LDAP servers</title>
+ <tgroup cols="8" align="left" colsep="1" rowset="1">
+ <colspec colname='c1'/>
+ <colspec colname='c2'/>
+ <colspec colname='c3'/>
+ <colspec colname='c4'/>
+ <colspec colname='c5'/>
+ <colspec colname='c6'/>
+ <colspec colname='c7'/>
+ <colspec colname='c8'/>
+ <thead>
+ <row>
+ <entry align="center" morerows="1">LDAP Server</entry>
+ <entry align="center" namest="c2" nameend="c3">UserModule</entry>
+ <entry align="center" namest="c4" nameend="c5">RoleModule</entry>
+ <entry align="center" namest="c6" nameend="c7">MembershipModule</entry>
+ <entry align="center">UserProfileModule</entry>
+ </row>
+ <row>
+ <entry>LDAPUserModuleImpl</entry>
+ <entry>LDAPExtUserModuleImpl</entry>
+ <entry>LDAPRoleModuleImpl</entry>
+ <entry>LDAPExtRoleModuleImpl</entry>
+ <entry>LDAPStaticGroupMembershipModuleImpl</entry>
+ <entry>LDAPStaticRoleMembershipModuleImpl</entry>
+ <entry>LDAPUserProfileModuleImpl</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>Red Hat Directory Server</entry>
+ <entry align="center">X</entry>
+ <entry align="center">X</entry>
+ <entry align="center">X</entry>
+ <entry align="center">X</entry>
+ <entry align="center">X</entry>
+ <entry align="center">X</entry>
+ <entry align="center">X</entry>
+ </row>
+ <row>
+ <entry>OpenDS</entry>
+ <entry align="center">X</entry>
+ <entry align="center">X</entry>
+ <entry align="center">X</entry>
+ <entry align="center">X</entry>
+ <entry align="center">X</entry>
+ <entry align="center">-</entry>
+ <entry align="center">X</entry>
+ </row>
+ <row>
+ <entry>OpenLDAP</entry>
+ <entry align="center">X</entry>
+ <entry align="center">X</entry>
+ <entry align="center">X</entry>
+ <entry align="center">X</entry>
+ <entry align="center">X</entry>
+ <entry align="center">-</entry>
+ <entry align="center">X</entry>
+ </row>
+ <row>
+ <entry>Microsoft Active Directory</entry>
+ <entry align="center">?</entry>
+ <entry align="center">?</entry>
+ <entry align="center">?</entry>
+ <entry align="center">?</entry>
+ <entry align="center">?</entry>
+ <entry align="center">?</entry>
+ <entry align="center">?</entry>
+ </row>
+ <row>
+ <entry>Sun Java System Directory Server</entry>
+ <entry align="center">?</entry>
+ <entry align="center">?</entry>
+ <entry align="center">?</entry>
+ <entry align="center">?</entry>
+ <entry align="center">?</entry>
+ <entry align="center">?</entry>
+ <entry align="center">?</entry>
+ </row>
+ <row>
+ <entry>Novell eDirectory</entry>
+ <entry align="center">?</entry>
+ <entry align="center">?</entry>
+ <entry align="center">?</entry>
+ <entry align="center">?</entry>
+ <entry align="center">?</entry>
+ <entry align="center">?</entry>
+ <entry align="center">?</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
</sect1>
</chapter>
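Review bot: On the `<tgroup cols="8" align="left" colsep="1" rowset="1">` line, rowset is not a CALS table attribute; the intended attribute is rowsep, and as written the table will fail DTD validation or render without row rules. The table also needs a legend for the cell values, since "X", "-" and "?" are never explained (presumably supported, not supported and untested), and the empty `<para></para>` above the table should either introduce it or be removed.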
JBoss Portal SVN: r6539 - docs/trunk/referenceGuide/en/modules.
by portal-commits@lists.jboss.org
Author: bdaw
Date: 2007-03-05 08:40:33 -0500 (Mon, 05 Mar 2007)
New Revision: 6539
Modified:
docs/trunk/referenceGuide/en/modules/ldap.xml
Log:
another part of ldap chapter
Modified: docs/trunk/referenceGuide/en/modules/ldap.xml
===================================================================
--- docs/trunk/referenceGuide/en/modules/ldap.xml 2007-03-05 13:22:46 UTC (rev 6538)
+++ docs/trunk/referenceGuide/en/modules/ldap.xml 2007-03-05 13:40:33 UTC (rev 6539)
@@ -153,33 +153,162 @@
<title>LDAP Identity Modules</title>
<para>TODO:</para>
<sect2>
+ <title>Common settings</title>
+ <para>For all modules you can set two config options:
+ <itemizedlist>
+ <listitem>
+ <emphasis role="bold">jndiName</emphasis> - JNDI name under which this module will be registered
+ </listitem>
+ <listitem>
+ <emphasis role="bold">connectionJNDIName</emphasis> - JNDI name under which LDAP datasource is registered
+ </listitem>
+ </itemizedlist>
+ <note>Most configuration of LDAP identity modules is done in <emphasis>options</emphasis> section by adding module specific options
+ in <emphasis>"common"</emphasis> option-group or in other module specific groups.</note>
+ </para>
+ </sect2>
+ <sect2>
<title>UserModule</title>
<sect3>
<title>LDAPUserModuleImpl</title>
<para>TODO:</para>
- <para>org.jboss.portal.identity.ldap.LDAPUserModuleImpl options:
+ <para>This is the base implementation of LDAP <emphasis>UserModule</emphasis>. It supports user creation, but will retreive users and create them
+ in strictly specified place in LDAP tree.</para>
+ <para>To enable it in your configuration you should have:
+ <programlisting>
+ <![CDATA[
+ <module>
+ <!--type used to correctly map in IdentityContext registry-->
+ <type>User</type>
+ <implementation>LDAP</implementation>
+ <config/>
+ </module>
+ ]]>
+ </programlisting>
+ </para>
+ <para>org.jboss.portal.identity.ldap.LDAPUserModuleImpl configuration option-groups options:
<itemizedlist>
<listitem>
- <emphasis role="bold"></emphasis> -
+ <emphasis role="bold">common</emphasis>:
+ <itemizedlist>
+ <listitem>
+ <emphasis role="bold">userCtxDN</emphasis> - DN that will be used as context for user searches
+ </listitem>
+ <listitem>
+ <emphasis role="bold">uidAttributeID</emphasis> - attribute name under which user name is specified. Default value is "uid"
+ </listitem>
+ <listitem>
+ <emphasis role="bold">passwordAttributeID</emphasis> - attribute name under which user password is specified. Default value is "userPassword"
+ </listitem>
+ <listitem>
+ <emphasis role="bold">principalDNPrefix</emphasis> and <emphasis role="bold">principalDNSuffix</emphasis>
+ </listitem>
+ <listitem>
+ <emphasis role="bold">searchTimeLimit</emphasis> - The timeout in milliseconds for the user searches. Defaults to 10000 (10 seconds).
+ </listitem>
+ </itemizedlist>
</listitem>
<listitem>
- <emphasis role="bold"></emphasis> -
+ <emphasis role="bold">userCreateAttibutes</emphasis>: This option-group defines a set of ldap attributes that will be set on user entry creation.
+ Option name will be used as attribute name, and option values as attribute values. This enables to fulfill LDAP schema requirements.
</listitem>
</itemizedlist>
+ Example configuration:
+ <programlisting>
+ <![CDATA[
+ <option-group>
+ <group-name>common</group-name>
+ <option>
+ <name>userCtxDN</name>
+ <value>ou=People,o=portal,dc=my-domain,dc=com</value>
+ </option>
+ <option>
+ <name>uidAttributeID</name>
+ <value>uid</value>
+ </option>
+ <option>
+ <name>passwordAttributeID</name>
+ <value>userPassword</value>
+ </option>
+ </option-group>
+ <option-group>
+ <group-name>userCreateAttibutes</group-name>
+ <option>
+ <name>objectClass</name>
+ <!--This objectclasses should work with Red Hat Directory-->
+ <value>top</value>
+ <value>person</value>
+ <value>inetOrgPerson</value>
+ </option>
+ <!--Schema requires those to have initial value-->
+ <option>
+ <name>cn</name>
+ <value>none</value>
+ </option>
+ <option>
+ <name>sn</name>
+ <value>none</value>
+ </option>
+ </option-group>
+ ]]>
+ </programlisting>
+
</para>
</sect3>
<sect3>
<title>LDAPExtUserModuleImpl</title>
<para>TODO:</para>
- <para>org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl options:
+ <para>This module doesn't support user creation and removal</para>
+ <para>To enable it in your configuration you should have:
+ <programlisting>
+ <![CDATA[
+ <module>
+ <!--type used to correctly map in IdentityContext registry-->
+ <type>User</type>
+ <implementation>LDAP</implementation>
+ <class>org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl</class>
+ <config/>
+ </module>
+ ]]>
+ </programlisting>
+ </para>
+ <para>org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl configuration option-groups options:
<itemizedlist>
<listitem>
- <emphasis role="bold"></emphasis> -
+ <emphasis role="bold">common</emphasis>:
+ <itemizedlist>
+ <listitem>
+ <emphasis role="bold">userCtxDN</emphasis> - DN that will be used as context for user searches
+ </listitem>
+ <listitem>
+ <emphasis role="bold">userSearchFilter</emphasis> - ldap filter to search users with. {0} will be substitute with user name. Example filter can look like this:
+ "(uid={0})". This substituion behavior comes from the standard <emphasis>DirContext.search(Name, String, Object, SearchControls cons)</emphasis> method
+ </listitem>
+ <listitem>
+ <emphasis role="bold">uidAttributeID</emphasis> - attribute name under which user name is specified. Default value is "uid"
+ </listitem>
+ <listitem>
+ <emphasis role="bold">searchTimeLimit</emphasis> - The timeout in milliseconds for the user searches. Defaults to 10000 (10 seconds).
+ </listitem>
+ <listitem>
+ <emphasis role="bold">searchScope</emphasis> - Sets the search scope to one of the strings. The default is SUBTREE_SCOPE.
+ <itemizedlist>
+ <listitem>
+ <emphasis role="bold">OBJECT_SCOPE</emphasis> - only search the named users context.
+ </listitem>
+ <listitem>
+ <emphasis role="bold">ONELEVEL_SCOPE</emphasis> - search directly under the named users context.
+ </listitem>
+ <listitem>
+ <emphasis role="bold">SUBTREE_SCOPE</emphasis> - If the users context is not a <emphasis>DirContext</emphasis>, search only the object.
+ If the users context is a <emphasis>DirContext</emphasis>, search the subtree rooted at the named object, including the named object itself.
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ </itemizedlist>
</listitem>
- <listitem>
- <emphasis role="bold"></emphasis> -
- </listitem>
</itemizedlist>
+
</para>
</sect3>
</sect2>
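Review bot: In the LDAPUserModuleImpl common option list, the principalDNPrefix and principalDNSuffix item has no description at all, and these two options decide how the bind DN is built from a user name, so they need at least a sentence and an example value. The option-group name is spelled userCreateAttibutes in both the text and the sample; if that matches the key the code reads, say so, otherwise correct it to userCreateAttributes before users copy it. The quoted signature `DirContext.search(Name, String, Object, SearchControls cons)` should show the third parameter as Object[], "retreive" should be "retrieve", "substituion" should be "substitution", and the `<para>TODO:</para>` placeholders can go now that both sections have content.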
@@ -188,28 +317,94 @@
<sect3>
<title>LDAPRoleModuleImpl</title>
<para>TODO:</para>
- <para>org.jboss.portal.identity.ldap.LDAPRoleModuleImpl options:
+ <para>To enable it in your configuration you should have:
+ <programlisting>
+ <![CDATA[
+ <module>
+ <!--type used to correctly map in IdentityContext registry-->
+ <type>Role</type>
+ <implementation>LDAP</implementation>
+ <config/>
+ </module>
+ ]]>
+ </programlisting>
+ </para>
+ <para>org.jboss.portal.identity.ldap.LDAPRoleModuleImpl configuration option-groups options:
<itemizedlist>
<listitem>
- <emphasis role="bold"></emphasis> -
+ <emphasis role="bold">common</emphasis>:
+ <itemizedlist>
+ <listitem>
+ <emphasis role="bold">roleCtxDN</emphasis> - DN that will be used as context for role searches.
+ </listitem>
+ <listitem>
+ <emphasis role="bold">ridAttributeID</emphasis> - attribute name under which role name is specified. Default value is "cn".
+ </listitem>
+ <listitem>
+ <emphasis role="bold">roleDisplayNameAttributeID</emphasis> - attribute name under which role display name is specified. Default value is "cn".
+ </listitem>
+ <listitem>
+ <emphasis role="bold">searchTimeLimit</emphasis> - The timeout in milliseconds for the roles searches. Defaults to 10000 (10 seconds).
+ </listitem>
+ </itemizedlist>
</listitem>
- <listitem>
- <emphasis role="bold"></emphasis> -
- </listitem>
</itemizedlist>
</para>
</sect3>
<sect3>
<title>LDAPExtRoleModuleImpl</title>
<para>TODO:</para>
- <para>org.jboss.portal.identity.ldap.LDAPExtRoleModuleImpl options:
+ <para>To enable it in your configuration you should have:
+ <programlisting>
+ <![CDATA[
+ <module>
+ <!--type used to correctly map in IdentityContext registry-->
+ <type>Role</type>
+ <implementation>LDAP</implementation>
+ <class>org.jboss.portal.identity.ldap.LDAPExtRoleModuleImpl</class>
+ <config/>
+ </module>
+ ]]>
+ </programlisting>
+ </para>
+ <para>org.jboss.portal.identity.ldap.LDAPExtRoleModuleImpl configuration option-groups options:
<itemizedlist>
<listitem>
- <emphasis role="bold"></emphasis> -
+ <emphasis role="bold">common</emphasis>:
+ <itemizedlist>
+ <listitem>
+ <emphasis role="bold">roleCtxDN</emphasis> - DN that will be used as context for role searches
+ </listitem>
+ <listitem>
+ <emphasis role="bold">roleSearchFilter</emphasis> - ldap filter to search roles with. {0} will be substitute with role name. Example filter can look like this:
+ "(cn={0})". This substituion behavior comes from the standard <emphasis>DirContext.search(Name, String, Object, SearchControls cons)</emphasis> method.
+ </listitem>
+ <listitem>
+ <emphasis role="bold">ridAttributeID</emphasis> - attribute name under which role name is specified. Default value is "cn".
+ </listitem>
+ <listitem>
+ <emphasis role="bold">roleDisplayNameAttributeID</emphasis> - attribute name under which role display name is specified. Default value is "cn".
+ </listitem>
+ <listitem>
+ <emphasis role="bold">searchTimeLimit</emphasis> - The timeout in milliseconds for the roles searches. Defaults to 10000 (10 seconds).
+ </listitem>
+ <listitem>
+ <emphasis role="bold">searchScope</emphasis> - Sets the search scope to one of the strings. The default is SUBTREE_SCOPE.
+ <itemizedlist>
+ <listitem>
+ <emphasis role="bold">OBJECT_SCOPE</emphasis> - only search the named roles context.
+ </listitem>
+ <listitem>
+ <emphasis role="bold">ONELEVEL_SCOPE</emphasis> - search directly under the named roles context.
+ </listitem>
+ <listitem>
+ <emphasis role="bold">SUBTREE_SCOPE</emphasis> - If the roles context is not a <emphasis>DirContext</emphasis>, search only the object.
+ If the roles context is a <emphasis>DirContext</emphasis>, search the subtree rooted at the named object, including the named object itself.
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ </itemizedlist>
</listitem>
- <listitem>
- <emphasis role="bold"></emphasis> -
- </listitem>
</itemizedlist>
</para>
</sect3>
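Review bot: The roleSearchFilter entry cites the JNDI method as "DirContext.search(Name, String, Object, SearchControls cons)", but the third parameter of that overload is an Object[] of filter arguments, and the stray "cons" parameter name should be dropped. Since this sentence is what tells administrators that {0} is filled in as a filter argument, the signature should be exact. In the same list, "will be substitute" and "substituion" need fixing, and searchScope's "Sets the search scope to one of the strings" should read as "one of the following strings" so that it introduces the nested list.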
@@ -217,30 +412,71 @@
<sect2>
<title>MembershipModule</title>
<sect3>
- <title>LDAPStaticRoleMembershipModuleImpl</title>
+ <title>LDAPStaticGroupMembershipModuleImpl</title>
<para>TODO:</para>
- <para>org.jboss.portal.identity.ldap.LDAPStaticRoleMembershipModuleImpl options:
+ <para>This module support tree shape where role entries keep information about users that are their members.</para>
+ <para>To enable it in your configuration you should have:
+ <programlisting>
+ <![CDATA[
+ <module>
+ <!--type used to correctly map in IdentityContext registry-->
+ <type>Membership</type>
+ <implementation>LDAP</implementation>
+ <config/>
+ </module>
+ ]]>
+ </programlisting>
+ </para>
+ <para>org.jboss.portal.identity.ldap.LDAPStaticGroupMembershipModuleImpl configuration option-groups options:
<itemizedlist>
<listitem>
- <emphasis role="bold"></emphasis> -
+ <emphasis role="bold">common</emphasis>:
+ <itemizedlist>
+ <listitem>
+ <emphasis role="bold">membershipAttributeID</emphasis> - LDAP attribute that defines member users ids. This will be used to retreived users from role
+ entry.
+ </listitem>
+ <listitem>
+ <emphasis role="bold">membershipAttributeIsDN</emphasis> - defines if values of attribute defined in <emphasis>membershipAttributeID</emphasis> are fully qualified
+ LDAP DNs.
+ </listitem>
+ </itemizedlist>
</listitem>
- <listitem>
- <emphasis role="bold"></emphasis> -
- </listitem>
</itemizedlist>
</para>
</sect3>
<sect3>
- <title>LDAPStaticGroupMembershipModuleImpl</title>
+ <title>LDAPStaticRoleMembershipModuleImpl</title>
<para>TODO:</para>
- <para>org.jboss.portal.identity.ldap.LDAPStaticGroupMembershipModuleImpl options:
+ <para>This module support tree shape where user entries keep information about roles that they belong to.</para>
+ <para>To enable it in your configuration you should have:
+ <programlisting>
+ <![CDATA[
+ <module>
+ <!--type used to correctly map in IdentityContext registry-->
+ <type>Membership</type>
+ <implementation>LDAP</implementation>
+ <class>org.jboss.portal.identity.ldap.LDAPStaticRoleMembershipModuleImpl</class>
+ <config/>
+ </module>
+ ]]>
+ </programlisting>
+ </para>
+ <para>org.jboss.portal.identity.ldap.LDAPStaticRoleMembershipModuleImpl configuration option-groups options:
<itemizedlist>
<listitem>
- <emphasis role="bold"></emphasis> -
+ <emphasis role="bold">common</emphasis>:
+ <itemizedlist>
+ <listitem>
+ <emphasis role="bold">membershipAttributeID</emphasis> - LDAP attribute that defines role ids that user belongs to. This will be used to retreived roles
+ from user entry.
+ </listitem>
+ <listitem>
+ <emphasis role="bold">membershipAttributeIsDN</emphasis> - defines if values of attribute defined in <emphasis>membershipAttributeID</emphasis> are fully qualified
+ LDAP DNs.
+ </listitem>
+ </itemizedlist>
</listitem>
- <listitem>
- <emphasis role="bold"></emphasis> -
- </listitem>
</itemizedlist>
</para>
</sect3>
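Review bot: The sample configuration for LDAPStaticGroupMembershipModuleImpl has no <class> element, while the LDAPStaticRoleMembershipModuleImpl sample further down sets <class>org.jboss.portal.identity.ldap.LDAPStaticRoleMembershipModuleImpl</class>. If the group variant is the default for type Membership with implementation LDAP, say so in the text; otherwise add the class line, because a reader copying the first sample cannot tell which membership model they have enabled. membershipAttributeIsDN should also state its accepted values and default in both sections. Both sections still carry "<para>TODO:</para>" above the new description, and "This module support" and "used to retreived" need correcting.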
@@ -250,14 +486,49 @@
<sect3>
<title>LDAPUserProfileModuleImpl</title>
<para>TODO:</para>
- <para>org.jboss.portal.identity.ldap.LDAPUserModuleImpl options:
+ <para>To enable it in your configuration you should have:
+ <programlisting>
+ <![CDATA[
+ <module>
+ <type>UserProfile</type>
+ <implementation>DELEGATING</implementation>
+ <config>
+ <option>
+ <name>ldapModuleJNDIName</name>
+ <value>java:/portal/LDAPUserProfileModule</value>
+ </option>
+ </config>
+ </module>
+ <module>
+ <type>DBDelegateUserProfile</type>
+ <implementation>DB</implementation>
+ <config>
+ <option>
+ <name>randomSynchronizePassword</name>
+ <value>true</value>
+ </option>
+ </config>
+ </module>
+ <module>
+ <type>LDAPDelegateUserProfile</type>
+ <implementation>LDAP</implementation>
+ <config/>
+ </module>
+ ]]>
+ </programlisting>
+ <note>Using such configuration you will have LDAP MembershipModule along with DB MembershipModule and Delegating MembershipModule</note>
+ </para>
+ <para>org.jboss.portal.identity.ldap.LDAPUserModuleImpl configuration option-groups options:
<itemizedlist>
<listitem>
- <emphasis role="bold"></emphasis> -
+ <emphasis role="bold">common</emphasis>:
+ <itemizedlist>
+ <listitem>
+ <emphasis role="bold">profileConfigFile</emphasis> - file with user profile configuration. If this option is not set, and we use delegating UserProfileModule,
+ profile configuration will be obtained from it.
+ </listitem>
+ </itemizedlist>
</listitem>
- <listitem>
- <emphasis role="bold"></emphasis> -
- </listitem>
</itemizedlist>
</para>
</sect3>
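Review bot: The <note> after the programlisting says the configuration yields "LDAP MembershipModule along with DB MembershipModule and Delegating MembershipModule", but the three modules shown are of type UserProfile, DBDelegateUserProfile and LDAPDelegateUserProfile, so the note looks copied from another section and should name the UserProfile modules. The options paragraph likewise names org.jboss.portal.identity.ldap.LDAPUserModuleImpl inside the LDAPUserProfileModuleImpl section. The sample also sets randomSynchronizePassword to true on the DB delegate without any description; an option that affects stored passwords should be documented in the options list or left out of the sample.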
@@ -265,6 +536,7 @@
</sect1>
<sect1>
<title>LDAP server tree shapes</title>
+ <para>TODO:</para>
</sect1>
<sect1>
<title>Supported LDAP servers</title>
17 years, 4 months
JBoss Portal SVN: r6538 - trunk/core-admin/src/bin/portal-admin-war.
by portal-commits@lists.jboss.org
Author: thomas.heute(a)jboss.com
Date: 2007-03-05 08:22:46 -0500 (Mon, 05 Mar 2007)
New Revision: 6538
Modified:
trunk/core-admin/src/bin/portal-admin-war/style.css
Log:
0 cell-spacing
Modified: trunk/core-admin/src/bin/portal-admin-war/style.css
===================================================================
--- trunk/core-admin/src/bin/portal-admin-war/style.css 2007-03-05 13:04:27 UTC (rev 6537)
+++ trunk/core-admin/src/bin/portal-admin-war/style.css 2007-03-05 13:22:46 UTC (rev 6538)
@@ -3,7 +3,6 @@
.admin-ui table {
border: 0px;
border-collapse: separate;
- border-spacing: 10px 4px;
}
.admin-ui th {
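Review bot: The log message says "0 cell-spacing", but the hunk only deletes "border-spacing: 10px 4px;" and leaves "border-collapse: separate;" in the .admin-ui table rule, so the spacing now falls back to whatever the browser applies by default rather than to an explicit zero. If zero is the intent, state it in the rule (or use "border-collapse: collapse") so the result does not depend on the user agent.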
17 years, 4 months
JBoss Portal SVN: r6537 - trunk/core-admin/src/bin/portal-admin-war.
by portal-commits@lists.jboss.org
Author: thomas.heute(a)jboss.com
Date: 2007-03-05 08:04:27 -0500 (Mon, 05 Mar 2007)
New Revision: 6537
Modified:
trunk/core-admin/src/bin/portal-admin-war/style.css
Log:
IE6 doesn't know about border-spacing :(
Data was cropped due to the -10 left-margin.
Modified: trunk/core-admin/src/bin/portal-admin-war/style.css
===================================================================
--- trunk/core-admin/src/bin/portal-admin-war/style.css 2007-03-05 12:01:43 UTC (rev 6536)
+++ trunk/core-admin/src/bin/portal-admin-war/style.css 2007-03-05 13:04:27 UTC (rev 6537)
@@ -4,10 +4,6 @@
border: 0px;
border-collapse: separate;
border-spacing: 10px 4px;
- margin-left: -10px;
- margin-right: -10px;
- margin-top: -4px;
- margin-bottom: -4px;
}
.admin-ui th {
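Review bot: The four negative margins removed from .admin-ui table were offsetting the "border-spacing: 10px 4px;" that stays in the rule, so browsers that honor border-spacing now get an extra 10px/4px gap around the table's outer edge while IE6 gets none. The log explains the IE6 cropping, but the rule should carry a comment on the remaining cross-browser difference, or the spacing should move to cell padding so that both render alike.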
17 years, 4 months
JBoss Portal SVN: r6536 - trunk/core/src/bin/portal-core-war/themes/renaissance.
by portal-commits@lists.jboss.org
Author: thomas.heute(a)jboss.com
Date: 2007-03-05 07:01:43 -0500 (Mon, 05 Mar 2007)
New Revision: 6536
Modified:
trunk/core/src/bin/portal-core-war/themes/renaissance/portal_style.css
Log:
Display sub-menus on IE6
Modified: trunk/core/src/bin/portal-core-war/themes/renaissance/portal_style.css
===================================================================
--- trunk/core/src/bin/portal-core-war/themes/renaissance/portal_style.css 2007-03-05 05:42:47 UTC (rev 6535)
+++ trunk/core/src/bin/portal-core-war/themes/renaissance/portal_style.css 2007-03-05 12:01:43 UTC (rev 6536)
@@ -346,7 +346,8 @@
color: #5078aa;
}
-UL#tabsHeader li:hover ul {
+UL#tabsHeader li:hover ul,
+ UL#tabsHeader a:hover ul {
visibility: visible;
}
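Review bot: The added selector "UL#tabsHeader a:hover ul" only matches a ul that is a descendant of the anchor, which depends on the sub-menu markup being nested inside the a element for IE6. Nothing in this hunk shows that markup, so add a comment above the rule naming the template that produces it; otherwise the selector looks dead and is likely to be removed in a later cleanup. The second selector line also carries an extra leading space compared with the first.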
17 years, 4 months